User roles define a user’s broad responsibility within BE Custody.
Roles help organisations separate responsibilities across governance, administration, transaction activity, technical operations, and controlled custody processes. Permissions then define the specific actions each user can perform.
The roles and permissions available to an organisation may depend on its BE Custody configuration, service model, enabled features, and operational setup.
For the detailed permissions matrix, see What permissions can be assigned in BE Custody?
Why are user roles important?
User roles support governance and operational control by helping organisations decide who should be responsible for different custody activities.
They can help organisations:
- Separate senior organisational authority from day-to-day custody activity
- Separate governance administration from transaction activity
- Separate transaction creation from transaction approval, where configured
- Apply maker-checker or multi-user review processes
- Reduce concentration of authority
- Limit unnecessary access
- Support internal control and audit requirements
- Align custody access with internal responsibilities
Roles should be assigned based on each user’s responsibilities and reviewed regularly.
Roles and permissions
Roles and permissions are related, but they are not the same.
A role describes the user’s general responsibility in the custody operating model.
A permission defines the specific action that user can perform, such as viewing accounts, creating transactions, exporting data, managing address book entries, or accessing infrastructure-related functions.
For example, two users may have similar role descriptions but different permissions depending on the organisation’s configuration and internal governance model.
Main role types
The following role descriptions provide a high-level overview. Exact responsibilities and permissions may vary depending on the organisation’s setup.
| Role | High-level purpose |
|---|---|
| Owner | Holds senior organisational authority for the custody relationship and delegates operational responsibility. |
| Admin | Manages users, governance settings, and operational configuration. |
| Signer | Creates, reviews, approves, or signs transactions within assigned permissions and configured policies. |
| Cluster Manager | Supports the technical custody environment and related operational readiness. |
| Cluster Ops | Supports specific technical operational functions within the custody environment. |
| Cohort Manager | Supports controlled key lifecycle and governance-related custody processes, where applicable. |
Owner
The Owner is the senior organisational authority for the custody relationship.
Owners are typically responsible for providing or approving key organisational setup information and appointing the appropriate administrators. They are not usually involved in day-to-day custody operations.
At a high level, the Owner may be responsible for:
- Confirming organisational setup information
- Appointing Admins
- Acting as a senior organisational contact
- Delegating operational responsibility to appropriate users
- Supporting strategic or organisational decisions relating to the custody relationship
Admin
Admins are responsible for user management and governance-related configuration.
They help translate the organisation’s internal governance model into the relevant BE Custody setup. Depending on configuration, Admins may manage users, role changes, approval settings, address controls, limits, wallet settings, or other governance workflows.
At a high level, an Admin may be responsible for:
- Managing user access requests
- Supporting user role changes
- Managing governance-related workflows
- Helping maintain signing or approval configurations
- Supporting address, wallet, or policy controls where configured
- Coordinating with authorised internal stakeholders for sensitive changes
Admins generally have a governance and administration role rather than a day-to-day transaction execution role.
Signer
Signers are involved in transaction activity.
Depending on their assigned permissions and the organisation’s configuration, Signers may create, review, approve, cancel, or sign transactions. Their authority is bounded by the policies, limits, and approval workflows configured for the organisation.
At a high level, a Signer may be responsible for:
- Creating transaction requests
- Reviewing transaction details
- Approving or rejecting transactions
- Cancelling transactions where permitted
- Signing transactions where required
- Following the organisation’s internal approval process
- Escalating unexpected or unclear transaction requests
Signers should only create, cancel, or approve transactions they recognise, understand, and have reviewed.
Cluster Manager
The Cluster Manager supports the technical custody environment used by the organisation.
This is a technical role rather than a financial approval role. The Cluster Manager may support infrastructure readiness, technical operational activities, or environment-related processes depending on the organisation’s setup.
At a high level, a Cluster Manager may be involved in:
- Supporting technical custody infrastructure
- Coordinating environment readiness
- Supporting technical lifecycle events
- Accessing infrastructure operations features where configured
- Working with appropriate operational or technical teams
- Supporting technical processes required for the agreed custody model
The exact responsibilities depend on the service model and configuration.
Cluster Ops
Cluster Ops supports specific technical operational functions within the custody environment.
This role may be relevant where an organisation uses infrastructure operations workflows or technical payload processes as part of its custody setup.
At a high level, Cluster Ops may be involved in:
- Supporting specific infrastructure operations workflows
- Accessing technical payload-related functions where configured
- Supporting operational readiness activities
- Working with Cluster Managers or technical teams
- Following approved technical operating procedures
Cluster Ops is a technical operational role and should only be assigned where the user has a defined technical responsibility.
Cohort Manager
The Cohort Manager supports controlled custody processes related to key lifecycle governance and operational assurance.
This is a specialist procedural role rather than a day-to-day transaction execution role. The role may be relevant where an organisation has specific operational, governance, or key lifecycle requirements.
At a high level, a Cohort Manager may support:
- Controlled custody governance processes
- Key lifecycle-related coordination
- Procedural oversight
- Operational assurance activities
- Internal control and audit readiness
The exact responsibilities depend on the organisation’s setup and agreed custody model.
How do the roles work together?
At a high level:
- The Owner provides senior organisational authority.
- The Admin manages user access and governance configuration.
- The Signer performs transaction-related actions within configured permissions.
- The Cluster Manager supports the technical custody environment.
- Cluster Ops supports specific technical operational workflows.
- The Cohort Manager supports controlled custody lifecycle and assurance processes, where applicable.
This separation helps organisations apply appropriate governance, reduce concentration of authority, and align custody activity with internal controls.
How should roles be assigned?
Roles should follow the principle of least privilege.
Users should only be assigned the role and permissions they need to perform their responsibilities. Organisations should also consider segregation of duties, especially where users can create transactions, approve transactions, manage governance settings, access API keys, or perform technical custody operations.
What should organisations review regularly?
Organisations should periodically review:
- Which users have BE Custody access
- Which roles are assigned
- Which permissions are assigned
- Whether users still require access
- Whether approvers remain authorised
- Whether approval workflows remain appropriate
- Whether former users have been removed
- Whether access matches internal policy and governance requirements
What should I do if my role or permissions look wrong?
If your role or permissions do not match your responsibilities, contact your organisation’s administrator.
If your organisation needs support reviewing access or resolving a role or permissions issue, contact Bitpanda Enterprise Custody Support through the approved support channel.
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information in a support request.